Search results

The purpose of this paper is to design, implement and evaluate the usage of the password-authenticated secure channel protocol SRP to protect the communication of a mobile application to a Java Card applet. The usage of security and privacy sensitive systems on mobile devices, such as mobile banking, mobile credit cards, mobile ticketing or mobile digital identities has continuously risen in recent years. This development makes the protection of personal and security sensitive data on mobile devices more important than ever.

A common approach for the protection of sensitive data is to use additional hardware such as smart cards or secure elements. The communication between such dedicated hardware and back-end management systems uses strong cryptography. However, the data transfer between applications on the mobile device and so-called applets on the dedicated hardware is often either unencrypted (and interceptable by malicious software) or encrypted with static keys stored in applications.

To address this issue, this paper presents a solution for fine-grained secure application-to-applet communication based on Secure Remote Password (SRP-6a and SRP-5), an authenticated key agreement protocol, with a user-provided password at run-time.

By exploiting the Java Card cryptographic application programming interfaces (APIs) and minor adaptations to the protocol, which do not affect the security, the authors were able to implement this scheme on Java Cards with reasonable computation time.

This paper aims at providing a comparative analysis of the existing protocols that address the security issues in the Future Internet (FI) and also to introduce a Collaborative Mutual Identity Establishment (CMIE) scheme which adopts the elliptical curve cryptography (ECC), to address the issues, such as content integrity, mutual authentication, forward secrecy, auditability and resistance to attacks such as denial-of-service (DoS) and replay attack.

This paper provides a comparative analysis of the existing protocols that address the security issues in the FI and also provides a CMIE scheme, by adopting the ECC and digital signature verification mechanism, to address the issues, such as content integrity, mutual authentication, forward secrecy, auditability and resistance to attacks such as DoS and replay attack. The proposed scheme enables the establishment of secured interactions between devices and entities of the FI. Further, the algorithm is evaluated against Automated Validation of Internet Security Protocols and Application (AVISPA) tool to verify the security solutions that the CMIE scheme has claimed to address to have been effectively achieved in reality.

The algorithm is evaluated against AVISPA tool to verify the security solutions that the CMIE scheme has claimed to address and proved to have been effectively achieved in reality. The proposed scheme enables the establishment of secured interactions between devices and entities of the FI.

Considering the Internet of Things (IoT) scenario, another important aspect that is the device-to-location (D2L) aspect has not been considered in this protocol. Major focus of the protocol is centered around the device-to-device (D2D) and device-to-server (D2S) scenarios. Also, IoT basically works upon a confluence of hundreds for protocols that support the achievement of various factors in the IoT, for example Data Distribution Service, Message Queue Telemetry Transport, Extensible Messaging and Presence Protocol, Constrained Application Protocol (CoAP) and so on. Interoperability of the proposed CMIE algorithm with the existing protocols has to be considered to establish a complete model that fits the FI. Further, each request for mutual authentication requires a querying of the database and a computation at each of the participating entities side for verification which could take considerable amount of time. However, for applications that require firm authentication for maintaining and ensuring secure interactions between entities prior to access control and initiation of actual transfer of sensitive information, the negligible difference in computation time can be ignored for the greater benefit that comes with stronger security. Other factors such as quality of service (QoS) (i.e. flexibility of data delivery, resource usage and timing), key management and distribution also need to be considered. However, the user still has the responsibility to choose the required protocol that suits one’s application and serves the purpose.

The originality of the work lies in adopting the ECC and digital signature verification mechanism to develop a new scheme that ensures mutual authentication between participating entities in the FI based upon certain user information such as identities. ECC provides efficiency in terms of key size generated and security against main-in-middle attack. The proposed scheme provides secured interactions between devices/entities in the FI.

Aircraft structures and in particular thick wing structures comprise ribs 2 of zigzag formation, Fig. 2, assembled in such manner as to form upper and lower reticulated frames which are spaced apart by posts 4 and are directly secured to the outer covering or skin 1 of the wing or other structure. Longitudinal booms 3 are also secured to the outer covering and to the ribs at the points of inter‐attachment thereof, Fig. 6. Ribs 2 are of channel section shaped at the bends to form flats 2a and to form recesses to allow passage of the booms 3. Adjacent ribs are attached to each other and to the booms at each junction by straps 5, Fig. 5, bent to the shape of the rib angle at 5a, and to that of the underside of the boom at 5b. Parts 5a of opposed straps are introduced between flats 2a of the ribs, the strap extending under the rib channel and then upwardly to connect with the boom, Fig. 6. Tubular posts 4 are secured to flats 5a, Fig. 5, of straps 5 by flanges 6, Fig. 2; the joints may be stiffened by additional gussets such as 7.

Examines the process of change in marketing channels and its cyclical nature. Looks at the contradictory problems of the needs of small retailers and efficient distribution, suggesting possible answers. Explores the implications of the rise of franchising for channels and the economy as a whole. Provides some current options for manufacturers to secure their marketing channels.

Supervisory control and data acquisition (SCADA) systems are widely used by utility companies during the production and distribution of oil, gas, chemicals, electric power, and water to control and monitor these operations. A cyber attack on a SCADA system cannot only result in a major financial disaster but also in devastating damage to public safety and health. The purpose of this paper is to survey the literature on the cyber security of SCADA systems and then suggest two categories of security solutions.

The paper proposes the use of secure socket layer/transport layer security (SSL/TLS) and IP security (IPsec) solutions, implemented on the test‐bed at the University of Louisville, as the optimal choices when considering the level of security a solution can provide and the difficulty of implementing such a security measure. The paper analyzes these two solution choices, discuss their advantages and disadvantages, and present details on efficient ways of implementing these solutions.

The SSL/TLS solution to the protocol security using public domain toolkits such as OpenSSL may provide a fast, effective, and economical solution. However, the SSL/TLS protocol and its implementation toolkits have their limitations so this approach may need another enhancement.

IPsec can be used to provide IP‐level security in addition to SSL/TLS.

The use of these enhanced security approaches in SCADA systems should effectively reduce the vulnerability of these critical systems to malicious cyber attacks, and thereby potentially avoiding the serious consequences of such attacks.

Similarly, Zhu et al. (2014) and Zhang et al. (2014) stated that addressing privacy concerns with the recommendation process is necessary for the healthy development of app recommendation. Recently, Xiao et al. (2020) mentioned that a lack of effective privacy policy hinders the development of personalized recommendation services. According to the reported work, privacy protection technology methods are too limited for mobile focusing on data encryption, anonymity, disturbance, elimination of redundant data to protect the recommendation process from privacy breaches. So, this situation motivated us to conduct a systematic literature review (SLR) to provide the viewpoint of privacy and security concerns as mentioned in current state-of-the-art in the mobile app recommendation domain.

In this work, the authors have followed Kitchenham guidelines (Kitchenham and Charters, 2007) to devise the SLR process. According to the guidelines, the SLR process has three main phases: (1) define, (2) conduct the search and (3) report the results. Furthermore, the authors used systematic mapping approach as well to ensure the whole process.

Based on the selected studies, the authors proposed three main thematic taxonomies, including architectural style, security and privacy strategies, and user-usage in the mobile app recommendation domain. From the studies' synthesis viewpoint, it is observed that the majority of the research efforts have focused on the movie recommendation field, while the mainly used privacy scheme is homomorphic encryption. Finally, the authors suggested a set of future research dimensions useful for the potential researchers interested to perform the research in the mobile app recommendation domain.

This is an SLR article, based on existing published research, where the authors identified key issues and future directions.

It is important for an exporting manufacturer to motivate its foreign channel partners to sell and promote its products. An excellent way to motivate such foreign channel partners is to give them exclusive territories. Unfortunately, there is a lack of knowledge regarding the determinants of territorial exclusivity. This study aims to investigate the relationship between organizational culture and territorial exclusivity and the moderating role of firm size in this relationship.

Survey data were collected from manufacturing small and medium-sized enterprises (SMEs) in Japan. To test the hypotheses, a regression analysis was conducted using the ordinary least squares technique.

Empirical evidence shows that the cultural values of collectivism and uncertainty avoidance influence territorial exclusivity; collectivist exporters are likely to use territorial exclusivity, whereas exporters with high uncertainty avoidance are not likely to use it. Furthermore, the larger the firm size, the smaller the impact of cultural values on territorial exclusivity; this suggests that large SMEs do not rely on their organizational culture to make decisions about exclusive territories.

The export marketing literature emphasizes the advantages of exclusive territories. By contrast, the channel management literature suggests that exclusive territories also have disadvantages. As exclusive territories have both advantages and disadvantages, it is crucial to answer the following question: What kinds of exporting manufacturers grant exclusive territories to their foreign channel partners? By addressing this question, this study contributes to a better understanding of export channel strategy.

The number of mobile phone users is increasing rapidly and this will provide opportunities for developing additional business in the mobile device market. Wireless online games is one of the rising stars in the market. Nevertheless, the insecurity of data transmission through wireless networks and the low performance of the central processing unit (CPU) of mobile devices create a barrier to doing business through these wireless networks. This paper proposes an “interactive dynamic cryptosystem” for enhancing the security of data transmission through wireless networks and a multi‐tier architecture for improving the performance and management of the multi‐user wireless online games system. Based on the proposal, a safe environment can be set up for truly real‐time interactive wireless online games.

Sales promotion is an important element of marketing communication strategy which accounts for more promotional expenditures than advertising in some countries. However, sales promotion has been generally ignored by researchers. This article briefly reviews the criteria used in the US to evaluate sales promotions and these criteria are found inadequate to guide the formulation of sales promotion internationally. Environmental sensitivity factors are identified which are overlooked in domestic sales promotions and an audit approach to planning and evaluating cross‐national sales promotion strategy is presented.

Looks at the growth and potential of the Internet in relation to security issues. Presently, lack of security is perceived as a major roadblock to doing business on‐line. Risks of system corruption, fraud, theft and viruses point companies to the need for enhanced security. Investigates the importance of securing a company’s systems, its individual users, and its commercial transactions, and provides a checklist along with a brief discussion of available protection measures for these three primary security concerns.